I just returned from the CHIME and HIMSS events in Las Vegas. I’m recovering from the overstimulation both inside and outside the events. It’s always a treat to see old friends, make some new friends, and enjoy the smorgasbord of education and vendors. If chaos precedes innovation, then I’m happy to be in the midst of the most innovative period of my personal and professional life.

There were so many common themes in the booths, the education sessions, and in hallway conversations, at least for those I heard. Rather than focus on some of the new, innovative, very exciting and promising topics which I referenced in an earlier blog, I’d like to focus on one that’s still a concern for our profession and the people in the communities we serve – cybersecurity.

Cybersecurity like many other terms (e.g., analytics, population health, patient engagement) in the HIT industry spans a wide array of activities. The challenges for people who must provide appropriate levels of cybersecurity are to:
1. define how they use the term cybersecurity, and more importantly, how they will communicate their concepts to the clinical and business people around them,
2. develop a strategy that is appropriately comprehensive and aspirational, then
3. develop a risk profile that can be shared and easily understood in lay terms for the patients, the staff, both the clinical and business people on the executive management team and, when appropriate, board members,
4. make decisions about the degree of risk for each element in the profile that an individual or organization can accept sometimes subject to external parties such as regulators and business risk insurers – decisions which must protect the sacred trust between patients, families and their providers and
5. create a detailed set of tactics with options and alternatives that allow an individual or organization to
6. make practical and pragmatic plans that can be implemented based on the risk appetite, available resources, and external requirements which are often, but not only, regulatory, and
7. execute the plans reliably, consistently, and transparently which means sharing information about some but not all the measures which have been put into place, and finally,
8. regularly test the plans and measures that you’ve implemented and be prepared to respond using a carefully prepared and regularly exercised disaster recovery and business continuity plan.

Even if you are diligent about every step, it’s important to remember perfection is neither affordable nor achievable. Every individual and organization makes difficult decisions about how to balance security and accessibility, resources and risk. Two important factors that deserve ongoing attention are education and vigilance, factors which lower the risk.

The challenge for our country is that every individual, that’s all our citizens, and every organization regardless of size that participates either directly or indirectly in healthcare and public health must address cybersecurity effectively to protect each other. Complicating the matter is that all of us, with few exceptions, have in our hands, cars, homes, or at work devices that are connected or soon will be to a network of some sort. The more we connect, the more we are vulnerable. Thankfully, there are people, processes, and technologies that can address the vulnerabilities and help us manage the risk.

StarBridge Advisors has experienced individuals who’ve addressed these real-world threats in their provider-based CXO roles and who work with an array of solution providers across the healthcare continuum. We can help you formulate the right questions, discern the validity and practicality of the answers, and develop a programmatic or specific approach to address the risks you’re facing, help you manage risk more effectively, and reduce your vulnerabilities using some or all of the approach discussed above. In today’s world, every citizen must participate in making the healthcare and public health sector secure.